Example how to use node-netflowv9 and define your own netflow type decoders

Post Syndicated from Anonymous original http://deliantech.blogspot.com/2015/03/example-how-to-use-node-netflowv9-and.html

This is an example of how you can use the node-netflowv9 library (version >= 0.2.5) to define your own decoders for proprietary Netflow v9 types that the library does not support.
The example below adds decoding for types 30000, 30001, 30002 for Cisco ASA/PIX netflow:

var Collector = require('node-netflowv9');

// Print every decoded flow record
var colObj = Collector(function (flow) { console.log(flow) });
colObj.listen(5000);

// Rules are keyed by field length in bytes; $name, $pos and $len are
// placeholders that the library substitutes in the rule string.
var aclDecodeRule = {
    12: 'o["$name"] = { aclId: buf.readUInt32BE($pos), aclLineId: buf.readUInt32BE($pos+4), aclCnfId: buf.readUInt32BE($pos+8) };'
};

colObj.nfTypes[33000] = { name: 'nf_f_ingress_acl_id', compileRule: aclDecodeRule };
colObj.nfTypes[33001] = { name: 'nf_f_egress_acl_id', compileRule: aclDecodeRule };
// Double quotes around $name so the rule stays a single valid string literal
colObj.nfTypes[33002] = { name: 'nf_f_fw_ext_event', compileRule: { 2: 'o["$name"]=buf.readUInt16BE($pos);' } };
colObj.nfTypes[40000] = { name: 'nf_f_username', compileRule: { 0: 'o["$name"] = buf.toString("utf8",$pos,$pos+$len);' } };
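To make clear what the rule strings above extract, here is an added example (not code from the original post or from node-netflowv9) that performs the same four decodes as plain functions over a constructed data record, with explicit length checks because the collector parses bytes from any UDP sender. The names decodeAcl, DECODERS and decodeRecord, the field list and the sample bytes are assumptions made for illustration.

```javascript
// Added example (not node-netflowv9 code): the four decode rules above as plain
// functions with length checks. Names and the sample record are constructed.
function decodeAcl(buf, pos) {
  return {
    aclId: buf.readUInt32BE(pos),
    aclLineId: buf.readUInt32BE(pos + 4),
    aclCnfId: buf.readUInt32BE(pos + 8)
  };
}

// len 0 means "any length" here (assumption, mirroring rule key 0 used with $len).
const DECODERS = {
  33000: { name: 'nf_f_ingress_acl_id', len: 12, decode: decodeAcl },
  33001: { name: 'nf_f_egress_acl_id', len: 12, decode: decodeAcl },
  33002: { name: 'nf_f_fw_ext_event', len: 2, decode: (b, p) => b.readUInt16BE(p) },
  40000: { name: 'nf_f_username', len: 0, decode: (b, p, l) => b.toString('utf8', p, p + l) }
};

// fields: [{ type, len }] in the order announced by the exporter's template.
function decodeRecord(buf, fields) {
  const o = {};
  let pos = 0;
  for (const { type, len } of fields) {
    if (pos + len > buf.length) {
      throw new RangeError('field ' + type + ' runs past the end of the record');
    }
    const d = DECODERS[type];
    if (d && (d.len === 0 || d.len === len)) {
      o[d.name] = d.decode(buf, pos, len);
    } else {
      // Unknown type or unexpected length: keep raw bytes instead of misparsing.
      o['unknown_' + type] = buf.subarray(pos, pos + len).toString('hex');
    }
    pos += len;
  }
  return o;
}

// Constructed sample: ACL id triple (10, 20, 3), extended event 1001, username "alice".
const sampleFields = [{ type: 33000, len: 12 }, { type: 33002, len: 2 }, { type: 40000, len: 5 }];
const sampleRecord = Buffer.concat([
  Buffer.from('0000000a0000001400000003', 'hex'),
  Buffer.from('03e9', 'hex'),
  Buffer.from('alice', 'utf8')
]);
console.log(decodeRecord(sampleRecord, sampleFields));
```

A field whose announced length does not match the decoder's expected length is kept as hex rather than read with the fixed-offset reads, which is the case the length-keyed rules guard against.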